DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events

Description

[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Use behavior analytics software to detect anomalous user activity to mitigate insider threats

Ex2: Monitor logs from logical access control systems to find unusual access patterns and failed access attempts

Ex3: Continuously monitor deception technology, including user accounts, for any usage

1st: 1st Party Risk